
Tumblr implements two-factor authentication to enhance security

Tumblr has implemented two-factor authentication, joining the likes of Internet giants such as Microsoft and Google. The blogging giant announced that users' security will be enhanced through two forms of authentication, reducing the ability of unauthorised users to access legitimate accounts.

Users can enable this setting through their user settings pages, adding extra security to the login process and reducing the chances of account compromise. The blogging platform noted in a blog post that two-factor authentication works by combining your device and your password in order to access your dashboard. Tumblr compared this with the launch of a nuclear missile, tying the control back to the original “something you know and something you have” combination to achieve security.

Although two-factor authentication is not a catch-all to prevent unauthorised access, it does make life a lot more tricky for the bad guys. With two-factor authentication in place, the attacker would have to overcome both properties in order to access the account. This prevents attacks such as brute-force dictionary attacks against credentials, as attackers would also need to prove that they have the second form of authentication in order to access the user's Tumblr account.

In most two-factor authentication scenarios, the user first enters their main password along with their credentials on the website. The website then sends a unique, randomly generated number to a device that the user specified at account creation, and the user must enter this code in order to access their account. This is exactly how Tumblr have implemented the process, with the second form of authentication being sent to the user's mobile phone.

Tumblr are hoping that two-factor authentication will reduce the likelihood of unauthorised access and credential harvesting on their blogging platform. While this is an optional control for users, Tumblr have done an excellent job of communicating the control to the community and stating why this control is so imperative from a security perspective.